JOB SUMMARY

The Infected Blood Compensation Authority (IBCA) is responsible for delivering a compensation scheme that has been long awaited by the infected blood community to provide financial compensation to victims of infected blood on a UK-wide basis.
It’s vitally important that we protect the highly sensitive and person data we have within IBCA. The data operations division are here to make sure that happens via safe and secure systems and this role will be responsible for delivering an optimised set of data infrastructure that is secure by design and maximises the use of data safely to enable IBCA to deliver a compensation service that those impacted deserve.
The work we do matters! We need people who can help us deliver that ambition and that can support the speed IBCA needs to deliver without compromising the protection of our organisation and the data it holds.

JOB DESCRIPTION

The Head of Cyber & Information Security is responsible for leading the organisation cyber and information security specialism including capabilities across Security Architecture, Infrastructure Engineering, Security Operations, and Information Security.
In this fast-paced role you will be responsible for defining and operating the cyber and information security strategy, security risk management, ensure compliance with security standards, anticipate challenges, drive performance and build the capability required to ensure the security of IBCA’s information and services.
This position requires a candidate with the ability to think strategically, communicate effectively, and execute with precision. The successful candidate will have a passion for security and be able to lead a team of experts in this field with their deep understanding of cyber and information security and a strong background in infrastructure and technology.

As the Head of Cyber & Information Security, you will be responsible for:

• Developing and enforcing cyber and information security strategy, policies and operating model to protect sensitive data.
• Support the Senior Information Risk Owner (SIRO) in securing and assuring the department’s information and data assets by maintaining a clear view of critical and high-risk systems, reporting on controls and continuing to improve our maturity.
• Ensuring that controls around IBCA solution are appropriate and proportionate to the assessed risks, by embedding Secure by Design.
• Influencing IBCA’s culture surrounding cyber and information security and developing resilience that enables a responsive and adaptable environment to threats, vulnerabilities, business requirements and security and infrastructure best practice/policies.
• Delivery of threat intelligence, threat detection, incident response, vulnerability management and ethical hacking capabilities.
• Delivery and maintenance of the data infrastructure that supports IBCA ensuring they function efficiently and reliably.
• Lead the technical response to major cyber and information security incidents and critical vulnerabilities impacting the Cabinet Office
• Communicate regularly with senior leadership and stakeholders about the organisation’s cyber and information security posture, threat landscape, and risk management efforts.
• Act as a subject matter expert on cyber and information security matters, both internally and externally, and keep abreast of industry developments and emerging threats.
• Recruit, develop, and manage a team of cyber, information security and infrastructure engineer professionals, ensuring that they have the necessary skills and resources to perform their jobs effectively.

It is essential for this role that you are positive, resilient, collaborative and can handle working under significant time pressures.

TECHNICAL SKILLS

We’ll assess you against these technical skills during the selection process:

• Cyber Security Governance
• Cyber Risk & Incident Management
• Security Architecture

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

MAIN RESPONSIBILITIES

• Cyber and information security strategy and operating model: Develop, implement, and enforce a security strategy and operating model through policies & frameworks.
• Incident response: Plan and execute the organisations response to security breaches.
• Security architecture: Oversee the design and implementation of secure infrastructure, applications, and networks.
• Compliance: Ensure adherence to relevant standards and delivery of high-quality outcomes on time and to budget.
• Risk management: Identify, assess, and control threats to the organisation and ensure approaches provide good governance and achieve compliance.
• Resilience: Define and manage business continuity and disaster recovery, and ensure that the organisation is provided with adequate and timely cyber security, and information governance training, embedding cyber resilience and secure handling of information assets.
• Foster a positive and inclusive team environment that promotes wellbeing, collaboration, and a supportive culture aligned with departmental values.

As the Head of Cyber & Information Security, you will be responsible for:

• Developing and enforcing cyber and information security strategy, policies and operating model to protect sensitive data.
• Support the Senior Information Risk Owner (SIRO) in securing and assuring the department’s information and data assets by maintaining a clear view of critical and high-risk systems, reporting on controls and continuing to improve our maturity.
• Ensuring that controls around IBCA solution are appropriate and proportionate to the assessed risks, by embedding Secure by Design.
• Influencing IBCA’s culture surrounding cyber and information security and developing resilience that enables a responsive and adaptable environment to threats, vulnerabilities, business requirements and security and infrastructure best practice/policies.
• Delivery of threat intelligence, threat detection, incident response, vulnerability management and ethical hacking capabilities.
• Delivery and maintenance of the data infrastructure that supports IBCA ensuring they function efficiently and reliably.
• Lead the technical response to major cyber and information security incidents and critical vulnerabilities impacting the Cabinet Office
• Communicate regularly with senior leadership and stakeholders about the organisation’s cyber and information security posture, threat landscape, and risk management efforts.
• Act as a subject matter expert on cyber and information security matters, both internally and externally, and keep abreast of industry developments and emerging threats.
• Recruit, develop, and manage a team of cyber, information security and infrastructure engineer professionals, ensuring that they have the necessary skills and resources to perform their jobs effectively